Sunday, February 17, 2019

VMWonAWS NSX-T Network Visibility using Log Intelligence


In this blog, I will demonstrate the Log Intelligence capability that provides unified visibility into VMware Cloud on AWS NSX-T network packet logs.

VMware Log Intelligence is the only logging solution that gives you NSX and audit logs from VMware Cloud on AWS.

Benefits / Use Case

Following are the benefits and applicable use cases.

Benefit: Monitor Logical Networks (Segments)
How: Logs are automatically forwarded to the Log Intelligence service when a logical network is created, changed or deleted in VMC.
Use Case (Troubleshooting): Assists in troubleshooting network issues caused by a network change. Also allows you to keep the number of networks created in the cloud in check.

Benefit: Monitor Firewall Rules
How: If enabled from the VMC Console, logs are saved in the Log Intelligence service when a firewall rule is created, changed or deleted in VMC. This applies to both Gateway (Compute & Management) and Distributed firewall rules.
Use Case (Security Monitoring): Firewall and NAT rules are a critical feature that keeps the SDDC secure. Using these logs you can maintain the security of the SDDC.

Benefit: Monitor NAT Rules
How: Logs are automatically forwarded to the Log Intelligence service when a NAT rule is created, changed or deleted in VMC.
Use Case (Application Monitoring): Analyze traffic sources and destinations for the application.


Enable logging for Firewall Rule(s)


By default, firewall rules do not save logs in the Log Intelligence service. You will need to enable this from the VMC Console.

Management Gateway Firewall Rule


In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Management Gateway and click Add New. Specify the details of the rule and click Enabled. You will notice a small information note which states

“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”




Compute Gateway Firewall Rule


In the Networking & Security tab of the SDDC, navigate to Gateway Firewall under the Security section, select Compute Gateway and click Add New. Specify the details of the rule and click Enabled. You will notice a small information note which states

“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”



Distributed Firewall Rule


In the Networking & Security tab of the SDDC, navigate to Distributed Firewall under the Security section, select your preferred section and click Add New. Specify the details of the rule and click Enabled. You will notice a small information note which states

“Enabled Logging for one or more rules. Logs will be saved in Log Intelligence Service”




NSX-T for VMware Cloud on AWS - Content Pack


Log Intelligence has made this simple by providing an out-of-the-box (OOTB) content pack for NSX-T for VMware Cloud on AWS. This content pack provides insights into the NSX-T firewall rules and packet traffic rules created in VMware Cloud on AWS, along with audit details, allowing administrators to audit, monitor and troubleshoot the behavior of configured rules in their VMware Cloud on AWS environment.

Procedure to enable/disable the content pack


Navigate to the Content Pack menu to enable or disable the content pack.


Once it is enabled, you get OOTB queries and alert definitions, which allow you to be notified via email or webhook.


Sample Log Messages from the OOTB Content Pack


NSX-T for VMware Cloud on AWS | Logical Network Created


NSX-T for VMware Cloud on AWS | Logical Network Deleted



NSX-T for VMware Cloud on AWS | Virtual Machine Created



NSX-T for VMware Cloud on AWS | Virtual Machine Removed





NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Created




NSX-T for VMware Cloud on AWS | Distributed Firewall Rule Changed




NSX-T for VMware Cloud on AWS | NAT Rule Created


NSX-T for VMware Cloud on AWS | NAT Rule Deleted


Sample Alerts


Following are some alerts that were triggered by the NSX-T for VMware Cloud on AWS OOTB alert definitions.
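As an added example (not the content pack's own queries, and not a real NSX-T or VMC log format), the following Python maps constructed change events to the alert names listed above and replays segment creates and deletes to keep the network count in check; the log line layout, object type names and sample values are assumptions made for this illustration.

```python
import re

# Constructed sample lines (not real NSX-T/VMC output). The layout is an assumption
# made for this example: "<timestamp> <component> <op> <object type> name=<n> user=<u>".
SAMPLE_LOGS = [
    "2019-02-17T10:01:02Z nsx-policy CREATE Segment name=web-tier user=admin@example.com",
    "2019-02-17T10:02:10Z nsx-policy CREATE Segment name=db-tier user=admin@example.com",
    "2019-02-17T10:05:44Z nsx-policy UPDATE DfwRule name=allow-db user=ops@example.com",
    "2019-02-17T10:06:01Z nsx-policy CREATE NatRule name=web-ingress user=ops@example.com",
    "2019-02-17T10:07:30Z nsx-policy DELETE Segment name=db-tier user=admin@example.com",
    "2019-02-17T10:08:15Z vcenter CREATE VirtualMachine name=app01 user=dev@example.com",
    "2019-02-17T10:09:00Z nsx-policy DELETE NatRule name=web-ingress user=ops@example.com",
    "garbage line that should be ignored",
]

# (object type, operation) -> alert name, matching the alert definitions listed above.
ALERT_NAMES = {
    ("Segment", "CREATE"): "Logical Network Created",
    ("Segment", "DELETE"): "Logical Network Deleted",
    ("VirtualMachine", "CREATE"): "Virtual Machine Created",
    ("VirtualMachine", "DELETE"): "Virtual Machine Removed",
    ("DfwRule", "CREATE"): "Distributed Firewall Rule Created",
    ("DfwRule", "UPDATE"): "Distributed Firewall Rule Changed",
    ("NatRule", "CREATE"): "NAT Rule Created",
    ("NatRule", "DELETE"): "NAT Rule Deleted",
}

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<op>CREATE|UPDATE|DELETE) (?P<obj>\S+) "
                     r"name=(?P<name>\S+) user=(?P<user>\S+)$")

def classify(lines):
    """Return (timestamp, alert name, object name, user) per matching line; unparseable lines are skipped."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        alert = m and ALERT_NAMES.get((m["obj"], m["op"]))
        if alert:
            alerts.append((m["ts"], alert, m["name"], m["user"]))
    return alerts

def live_segment_count(lines):
    """Logical networks still present after replaying creates and deletes in log order."""
    live = set()
    for _, alert, obj, _ in classify(lines):
        if alert == "Logical Network Created":
            live.add(obj)
        elif alert == "Logical Network Deleted":
            live.discard(obj)
    return len(live)
```

Filtering the classify() output on alert names containing "Rule" gives the firewall and NAT change events per user, which is the security monitoring view from the benefits list.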




Sample Dashboard


If you would like, you can also create a dashboard that can be used to monitor and troubleshoot.




Conclusion


VMware Log Intelligence gives you unified visibility into VMware Cloud on AWS NSX-T network packet logs, which allows admins and application owners to troubleshoot and monitor their applications, along with security monitoring.